SolarWinds Network Performance Monitor 10.2.2 and possibly earlier versions contain cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities.
A remote unauthenticated attacker may obtain sensitive information, cause a denial of service condition or execute arbitrary code with the privileges of the application.
Apply an Update
Thanks to Offensive Security for reporting these vulnerabilities.
This document was written by Jared Allar.